Aha! Ideas | Portal SSO | Salesforce

Salesforce has the ability to function as a single sign-on (SSO) identity provider for Aha! Ideas using SAML 2.0. It is a popular option among customers who have an active customer community being run through Salesforce already, and is commonly used to allow the Salesforce community users to authenticate into an Aha! Ideas portal using their Salesforce community credentials.

Click any of the following links to skip ahead:

Enable Salesforce as an identity provider

To do this, follow the instructions on Salesforce's knowledge base.

Note:

  • You can also integrate with the Salesforce app, to allow Salesforce users to add and vote on ideas in your ideas portal.

  • The configuration described in this article establishes a SAML based authentication where your Salesforce community users are able to use their Salesforce community credentials to log into your Aha! Ideas portal. If your objective is to seamlessly authenticate these users from your Salesforce community site into your ideas portal, you may want to consider utilizing a JSON Web Token (JWT) single sign-on approach.

  • Salesforce can also function as the identity provider to allow all users to authenticate into the actual Aha! Ideas application, although that is a much less common workflow.

Top

Configure Salesforce SSO in Aha! Ideas

With Salesforce set up as an identity provider, you can then go into Aha! Ideas and enable SSO for your ideas portal (or account).

To do this, you will need to open your ideas portal settings. Navigate to Settings ⚙️ → Account → Ideas portals or Ideas → Overview. You will need to be an administrator with customizations permissions to configure an ideas portal.

  • From your account settings, click the name of the ideas portal you wish to edit.

  • From Ideas → Overview, click the pencil icon by the name of the ideas portal you wish to edit.

Once your ideas portal settings are open, navigate to Users → SSO.

  1. Click Add new provider.

  2. Choose SAML as your identity provider Type. Click Save.

  3. The SAML 2.0 configuration will display.

  4. Configure Salesforce as your identity provider. There are many different valid configurations for this step.

Note: When configuring SSO with Salesforce, the single sign-on endpoint field in Aha! needs to be populated with the SP-Initiated Redirect Endpoint URL from the SAML Login Information settings in Salesforce. The default endpoint provided by Salesforce utilizes a HTTP POST as opposed to a HTTP GET that is expected when running SSO.

Top

Note: This article discusses functionality that is included in Ideas Advanced. Please contact us if you would like a live demo or would like to try using it in your account.


Share your SSO configuration between portals (Advanced plan)

If you have added Ideas Advanced functionality to your Aha! account, the process to create and assign an identity provider looks a little different.

  1. Follow the same steps in the Salesforce configuration listed above.

  2. Navigate to Settings ⚙️→ Account → Ideas portals or Ideas → Overview. You will need to be an administrator with customizations permissions to configure an ideas portal.

    1. From your account settings, click the name of the ideas portal you wish to edit.

    2. From Ideas → Overview, click the pencil icon by the name of the ideas portal you wish to edit.

  3. Once you have your portal settings open, navigate to the Users tab, then the SSO section.

  4. Select Add new provider from the Identify Provider dropdown.

    1. Name: Name your identity provider.
      Note: We recommend that you name your provider something easily recognizable to the different portals that might want to use it, like Employees, or Customers.

    2. Type: Choose SAML as your identity provider type.

    3. Click Save and continue in Aha!

    4. Enter the remaining fields following the SAML 2.0 configuration instructions.

  5. Click Enable SSO to enable your identity provider.

To share your identity provider configuration between multiple ideas portals:

  1. Open each portal's settings.

  2. Once you have your portal settings open, navigate to the Users tab, then the SSO section.

  3. Select the identity provider you just created from the Identity provider dropdown.

  4. Congratulations! You just shared your configuration with another portal.

  5. Repeat these steps for each portal you wish to use the shared Identity provider configuration.

You can manage your identity provider configuration — and the portals that use it — from the Identity providers tab in Settings ⚙️→ Account → Ideas portals.

Top

Aha! Ideas portal user experience

When a user authenticates to the ideas portal, they will be presented with the option to authenticate to the portal via SSO only. If they are already logged in to the SSO provider, they will automatically be logged in to your portal without any additional actions.

  • Public portal: Once SSO is configured, users will be prompted to log in before posting or voting ideas. Anyone can view ideas, regardless of whether they are logged in.

  • Private portal: In order to access the portal, users will be prompted to log in via SSO. If SSO is configured, any user with the SSO account will be able to access the ideas portal, regardless of email domain.

Note: It is possible to invite an ideas portal user from your ideas portal settings who has not been configured with the identity provider your portal is using. The user will not be able to log in to the ideas portal until they can be authenticated by the identity provider.

Top

Troubleshooting

If you run into trouble, we have gathered common SSO configuration issues into one article, along with common resolutions.

The best place to start in most of these situations is the integration log messages for your SSO configuration. Those messages will help diagnose and solve the problem.

Top

If you get stuck, please reach out to our Customer Success team. Our team is made up entirely of product experts and responds fast.

Aha! Roadmaps
Aha! Ideas
    Ideas
    Aha! Develop
    Announcements
    © 2021 Aha! Labs Inc.All rights reserved